Insight into the NSA's Weakening of Crypto Standards

Though most the world has been transfixed by Edward Snowden’s revelations about mass surveillance, nothing has upset the technology world more than the confirmation that the National Security Agency worked through commercial “partnerships” and domestic and international standards bodies to undercut security. In the best-known example that has come to light, documents indicate that Dual Elliptic Curve was compromised from the beginning, and my reporting showed that the sole major adopter of Dual Elliptic Curve as a default, RSA, took $10 million to spread it through the BSafe toolkit. I will draw lessons from my reporting on the topic and explain how both the past and future of the U.S. relationship to good cryptography remain hotly disputed.

Joseph Menn is an investigative technology reporter at Reuters, having previously worked for the Financial Times and Los Angeles Times. He wrote the influential 2010 bestseller Fatal System Error: The Hunt for the New Crime Lords who are Bringing Down the Internet, a real-life thriller that brought the modern face of cybercrime to a mainstream audience. It was placed on the official reading list of the U.S. Strategic Command, named one of the ten best nonfiction works of the year by Hudson Booksellers and compared by the New Yorker to the novels of Stieg Larsson. He also wrote All the Rave, the definitive inside story of Napster.